| CVE-2026-42297 |
high |
8.3 |
8.3 |
20d ago |
Argo has Missing Authorization in its Sync ConfigMap Provider |
|
| CVE-2026-42296 |
high |
8.1 |
8.1 |
20d ago |
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure |
|
| CVE-2026-28229 |
high |
— |
8.0 |
3mo ago |
Unauthorized access to Argo Workflows Template |
|
| CVE-2026-40886 |
high |
7.7 |
7.7 |
1mo ago |
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller |
|
| CVE-2026-42294 |
high |
7.5 |
7.5 |
20d ago |
Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor |
|
| CVE-2026-42183 |
medium |
6.5 |
6.5 |
20d ago |
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) |
|
| CVE-2026-42295 |
medium |
4.9 |
4.9 |
20d ago |
Argo vulnerable to exposure of artifact repository credentials |
|
| CVE-2026-31892 |
unknown |
— |
— |
3mo ago |
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode in github.com/argoproj/argo-workflows |
|